Potential restrictions on information obtainable from the database.
- To: whois-tf1-report-comments@xxxxxxxxxxxxxx, whois-tf2-report-comments@xxxxxxxxxxxxxx, whois-tf3-report-comments@xxxxxxxxxxxxxx
- Subject: Potential restrictions on information obtainable from the database.
- From: rsh@xxxxxxxxxxx
- Date: Thu, 24 Jun 2004 16:52:05 -0400
- Reply-to: rsh@xxxxxxxxxxx
I object to any restriction on my ability to find out who is sending me
SPAM, worms, viruses, Trojans or other nefarious material via my
examination, using Sam Spade or other software products, of the
databases maintained that cover the IP address range as used by the
I definitely object to any restrictions imposed that are not sanctioned
by Canada or Canadians in general, as well. If actions to restrict my
ability to research via IP address are imposed by those outside Canada,
I fully believe that they are in violation of my rights under Canadian
law as well.
I cannot and do not recognise the rights of anyone outside of Canada to
impose any restriction on the availability of full information on anyone
who licenses use of an IP address for their personal or corporate or
public use where that domain is available to anyone in Canada to
license. That includes COM, ORG, NET, EDU and any other non-nationalised
For that matter, I also object to the current limitation on the use of
GOV by those in the US. We have a government in Canada, and they too
should be able to use GOV, since it is clear that the US government has
not used even a small range of the possible names governments might
choose to use to name their departments in a GOV domain. Reserving
anything but US to those exclusively in the US is objectionable to those
of us outside the US for relatively obvious reasons, after all.
I also require that all data be ACCURATE. In recent searches I have
found inoperative email addresses on file for locations such as Citibank
and HP.COM, so it is clear that some names are NOT being maintained, be
they the technical contact or the operational contact. This makes
reporting of misuse of their domain names difficult.
I also require that all users ensure that they have an email address to
which misuse and abuse CAN be reported. There are too many cases where
NO valid email address is available and the organisation wants users to
use a FORM on a web site. In turn, these sites often do not accommodate
all possible browsers, making it difficult to report abuse through use
of web browsers such as Mozilla, SlimBrowser, etc.
Forcing use of Internet Explorer as the only acceptable browser should
be against ICANN rules!
Not allowing use of email to report abuse, such email addresses in and
maintained as accurate and current via ICANN rules in the WhoIs data
bases, should also be against the ICANN rules and be grounds for
cancellation of the right to use said domain name. If an organisation
such as Citibank were to find that their domain name was inoperative
because they had not updated the email addresses in their data kept in
WhoIs, the nonsense of permitting them to NOT keep the data current
would soon cease for larger organisations.
With today's abilities to use those posted email addresses to send an
email to the organisation and, if it bounces, to advise them that they
have 10 days to replace same or have said domain shut down, would work
wonders, if every registrar were required to email each such email
address monthly to check its continued viability. The data would stay
accurate and we could rely on it to advise someone in the organisation
that their IP address was being misused IF that were the case. With
phishing being common in the financial industry sphere, this is almost a
In effect we need, in my view, for EACH WhoIS record, a technical
contact, an organisational contact, a contact to whom we can report
attempts to use the domain name for committing a fraud, and an abuse
address. The latter two could be one in the same or separate, if
accurately described in the database. We also need an email address for
sending OUR invoices to the organisation for work done in advising them
of attempts to commit fraud against US using their domain names.
When I receive and report a phishing message I should be able to be
compensated for that report and ICANN should provide for that as well.
Whatever the fee agreed to by ICANN, it should be available as
compensation as an inducement to the various registrars and the domain
name holders to make an effort to go after those committing these types
of crime, instead of leaving it up to the end users of email to protect
themselves without any real help from those who benefit from having
domains on the Internet, and those who are the registrars under ICANN
One man's opinion, of course, and likely impacting all three ICANN task
forces in one way or another.
R.S. (Bob) Heuman - Toronto, ON, Canada
Independent Computer Security Consulting
Web Site Auditing for Compliance with Standards
<rsh@xxxxxxxxxxx> or <rheuman@xxxxxxxxxx>
My opinions - no one else's...
If this is illegal where you are, do not read it!